Latest revision as of 15:54, 5 February 2013

Contents

Introduction

It has been noticed that the most basic issues seen with the Ciscoworks LMS on its Syslog configuration is because its basic Architecture is not known. This document is intended to give a brief introduction on LMS Syslog Configuration and Architecture for effective Syslog Management using Ciscoworks RME.

Design

Configuration

I. Following is the Diagram on how CiscoWorks Generate reports for Syslog. RME Syslog reports are not directly fetched from Syslog.log (), instead the Syslog messages are being processed and then sent to Syslog DataBase (Syslog.db).

II. Syslog messages are being collected on Syslog.log (or Syslog_info in Solaris) and from here the Syslog Collector()service receive, filter and forward syslog’s to one or more Syslog Servers (if Remote Syslog, or, RSAC) or to local Server(if Local), thus reducing traffic on the network as well as processing load on the server. So, Syslog Collector is a service that runs independently, listens for syslogs and forwards them to the registered applications after necessary filtering.

III. From here the Syslog Analyzer () role is started. The Syslog Analyzer receives syslogs from the Common Syslog Collector, invokes automated actions that have been configured for RME, and stores the syslogs in the database. We can use the Syslog Analyzer to generate many useful reports on the syslogs stored in the Syslog Database ().

All the reports are hence generated from Syslog DB by RME () and a Syslog message is only entered to Syslog Db once its successfully picked by Syslog Collector and then if the Filter is set to forward it to Syslog Db.

Hence after the Syslog Collector is successfully subscribed the highest attention has to paid to the Syslog Filter Settings so that the important syslog messages are not getting filtered out. Also, to view the status of the Common Syslog Collector to which the Syslog Analyzer is subscribed to, follow this procedure: